CVE-2022-22545

CWE-200 — Information Exposure3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.4%

top 41.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server Abap AND Abap Platform SAP Netweaver Abap

Timeline

PublishedFeb 9

Latest updateFeb 11

Description

A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_abap_and_abap_platform15 versions+14

▶NVDsap/netweaver_abap15 versions+14

🔴Vulnerability Details

GHSA

GHSA-fmqh-553p-23mc: A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Appl↗2022-02-11

▶

CVEList

CVE-2022-22545: A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Appl↗2022-02-09

▶